Network Anomaly Detection System Based On Wavelet Analysis

Posted on: 2008-01-19
Degree: Master
Type: Thesis
Country: China
Candidate: S R Zhu
Full Text: PDF
GTID: 2178360215476054
Subject: Computer application technology
Abstract/Summary:
This paper inspects the traffic of a large-scale network from a macroscopic perspective. We aggregate packets into flows at a certain sampling rate, and the aggregate can be plotted with bytes, flows, or packets on the ordinate. It is essentially a non-stationary time series with a periodic trend, randomness, seasonal fluctuations and other characteristics. With the growing range of network applications and the increasing number of network users, security issues are becoming more and more important. Correspondingly, flow-based network anomaly detection from a macroscopic point of view has become a focus of research. This paper studies various existing models of non-stationary network traffic, as well as practical methods of anomaly detection, and summarizes their applications, advantages and disadvantages. This paper regards the flow aggregate as a signal and combines statistical and signal processing methods, such as wavelet analysis and scalogram analysis, to locate and detect anomalies. This paper also gives a classification of network anomalies and analyzes how they manifest mathematically and in the signal, which can be used to classify the results of anomaly detection.

This paper mainly studies anomaly detection from qualitative and quantitative perspectives. Qualitative analysis of anomaly detection focuses on models of network traffic and their parameters, such as the Lipschitz exponent, Hurst exponent and fractal dimension, which can be used to describe the singular characteristics of traffic. This paper tries to identify the relationship between the changing trace of these parameters and the presence of anomalies, which can be used to detect anomalies. Quantitative analysis focuses on the quantified singular phenomenon. Through a series of statistical analysis and signal processing steps, such as energy ratio distribution analysis, multi-level wavelet decomposition and the deviation value, this paper establishes an automatic, on-line, real-time anomaly detection system, which can highlight and detect anomalies without human judgment.

The network is affected by many complicated factors, even the volatility of network users. It is not possible to achieve perfect anomaly detection through only one method or one means. This paper studies anomaly detection algorithms from different perspectives and with different methods, trying to build a comprehensive system of anomaly detection. This system can be evaluated by two factors, the false positive rate and the false negative rate, which are the only criteria. This paper experiments on four traffic flow samples, which contain anomalies. The results show that this system is effective in detecting and highlighting anomalies.

In this paper, both qualitative and quantitative detection of anomalies are based on wavelet analysis, so the system can be called "Network Anomaly Detection System Based on Wavelet Analysis".
Keywords/Search Tags: network anomaly detection, qualitative analysis, fractal, wavelet analysis, quantitative analysis, energy ratio distribution, deviation value algorithm